IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers forcing ‘legitimate’ anti-virus uninstall

Cyber criminals are using social engineering in their attempts to get users to uninstall legitimate anti-virus software.


A social engineering technique is being used to dupe users into uninstalling their anti-virus products, including those by big-time vendors such as Microsoft and AVG.

Hackers have leveraged a clone of the prevalent rogue CoreGuard Antivirus product called AnVi Antivirus, Symantec noted.

In the past, such rogue anti-virus products have included a retro virus, which seeks to remove anti-virus products entirely, but this attack differs.

The AnVi Antivirus fake product gets the user to access the legitimate anti-virus uninstaller and forces the user to remove the vendor software from the computer.

Symantec even found the fake anti-virus product attempting to get the user to uninstall some of its own software.

"A warning is displayed that the Symantec anti-virus software is uncertified' and will hamper the system's performance," the firm explained in a blog post.

"The user is left with no other option than clicking OK, which initiates the uninstall process. Even if the user clicks the close' button, the uninstaller of the anti-virus product still executes."

Symantec researchers also discovered that the scheme tries to download rogue anti-virus software by connecting to malicious websites.

The Bieber effect

Combining fake anti-virus and social engineering has been a popular method among cyber criminal gangs.

Yesterday, PandaLabs said it had found more than 200 spoof web addresses using the lure of teenage pop singer Justin Bieber to spread rogue software called MySecurityEngine.

"These types of activities have become increasingly common", warned Luis Corrons, technical Director of PandaLabs.

"By positioning websites used to distribute malware among the first results in search engines, they can be sure that numerous internet users will inadvertently download the fake anti-virus."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation

How full-stack observability can accelerate IT innovation

3 May 2022